JDBCAuthProvider (Openfire 4.0.1 Javadoc)

java.lang.Object
- org.jivesoftware.openfire.auth.JDBCAuthProvider

All Implemented Interfaces:

AuthProvider, PropertyEventListener
```
public class JDBCAuthProvider
extends Object
implements AuthProvider, PropertyEventListener
```
The JDBC auth provider allows you to authenticate users against any database that you can connect to with JDBC. It can be used along with the hybrid auth provider, so that you can also have XMPP-only users that won't pollute your external data.
To enable this provider, set the following in the system properties:
- provider.auth.className = org.jivesoftware.openfire.auth.JDBCAuthProvider
You'll also need to set your JDBC driver, connection string, and SQL statements:
- jdbcProvider.driver = com.mysql.jdbc.Driver
- jdbcProvider.connectionString = jdbc:mysql://localhost/dbname?user=username&password=secret
- jdbcAuthProvider.passwordSQL = SELECT password FROM user_account WHERE username=?
- jdbcAuthProvider.passwordType = plain
- jdbcAuthProvider.allowUpdate = true
- jdbcAuthProvider.setPasswordSQL = UPDATE user_account SET password=? WHERE username=?
- jdbcAuthProvider.bcrypt.cost = 12
jdbcAuthProvider.passwordType can accept a comma separated string of password types. This can be useful in situations where legacy (ex/md5) password hashes were stored and then "upgraded" to a stronger hash algorithm. Hashes are executed left to right.

Example Setting: "md5,sha1"
Usage: password ->
(md5) 286755fad04869ca523320acce0dc6a4 ->
(sha1) 0524b1fc84d315b08db890413e65260040b08caa ->

Bcrypt is supported as a passwordType; however, when chaining password types it MUST be the last type given. (bcrypt hashes are different every time they are generated)

Optional bcrypt configuration:
- jdbcAuthProvider.bcrypt.cost: The BCrypt cost. Default: BCrypt.GENSALT_DEFAULT_LOG2_ROUNDS (currently: 10)
In order to use the configured JDBC connection provider do not use a JDBC connection string, set the following property
- jdbcAuthProvider.useConnectionProvider = true
The passwordType setting tells Openfire how the password is stored. Setting the value is optional (when not set, it defaults to "plain"). The valid values are:
Author:

David Snopek

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

static class JDBCAuthProvider.PasswordType
Indicates how the password is stored.

Nested Classes
Modifier and Type	Class and Description
`static class`	`JDBCAuthProvider.PasswordType` Indicates how the password is stored.

Constructor Summary

Constructors
Constructor and Description

JDBCAuthProvider()
Constructs a new JDBC authentication provider.

Constructors
Constructor and Description
`JDBCAuthProvider()` Constructs a new JDBC authentication provider.

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`authenticate(String username, String password)` Returns if the username and password are valid; otherwise this method throws an UnauthorizedException.
`void`	`authenticate(String username, String token, String digest)` Returns if the username, token, and digest are valid; otherwise this method throws an UnauthorizedException.
`protected boolean`	`comparePasswords(String plainText, String hashed)`
`protected void`	`createUser(String username)` Checks to see if the user exists; if not, a new user is created.
`String`	`getPassword(String username)` Returns the user's password.
`protected String`	`hashPassword(String password, JDBCAuthProvider.PasswordType type)`
`boolean`	`isDigestSupported()` Returns true if this AuthProvider supports digest authentication according to JEP-0078.
`boolean`	`isPlainSupported()` Returns true if this AuthProvider supports authentication using plain-text passwords according to JEP--0078.
`boolean`	`isScramSupported()`
`void`	`propertyDeleted(String property, Map<String,Object> params)` A property was deleted.
`void`	`propertySet(String property, Map<String,Object> params)` Support a subset of JDBCAuthProvider properties when updated via REST, web GUI, or other sources.
`void`	`setPassword(String username, String password)` Sets the users's password.
`boolean`	`supportsPasswordRetrieval()` Returns true if this UserProvider is able to retrieve user passwords from the backend user store.
`void`	`xmlPropertyDeleted(String property, Map<String,Object> params)` An XML property was deleted.
`void`	`xmlPropertySet(String property, Map<String,Object> params)` An XML property was set.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - JDBCAuthProvider
```
public JDBCAuthProvider()
```
    Constructs a new JDBC authentication provider.
- Method Detail
  - authenticate
```
public void authenticate(String username,
                String password)
                  throws UnauthorizedException
```
    Description copied from interface: AuthProvider
    
    Returns if the username and password are valid; otherwise this method throws an UnauthorizedException.
    If AuthProvider.isPlainSupported() returns false, this method should throw an UnsupportedOperationException.
    
    Specified by:
    
    authenticate in interface AuthProvider
    
    Parameters:
    username - the username or full JID.
    password - the password
    
    Throws:
    
    UnauthorizedException - if the username and password do not match any existing user.
  - comparePasswords
```
protected boolean comparePasswords(String plainText,
                       String hashed)
```
  - hashPassword
```
protected String hashPassword(String password,
                  JDBCAuthProvider.PasswordType type)
```
  - authenticate
```
public void authenticate(String username,
                String token,
                String digest)
                  throws UnauthorizedException
```
    Description copied from interface: AuthProvider
    
    Returns if the username, token, and digest are valid; otherwise this method throws an UnauthorizedException.
    If AuthProvider.isDigestSupported() returns false, this method should throw an UnsupportedOperationException.
    
    Specified by:
    
    authenticate in interface AuthProvider
    
    Parameters:
    username - the username or full JID.
    token - the token that was used with plain-text password to generate the digest.
    digest - the digest generated from plain-text password and unique token.
    
    Throws:
    
    UnauthorizedException - if the username and password do not match any existing user.
  - isPlainSupported
```
public boolean isPlainSupported()
```
    Description copied from interface: AuthProvider
    
    Returns true if this AuthProvider supports authentication using plain-text passwords according to JEP--0078. Plain text authentication is not secure and should generally only be used for a TLS/SSL connection.
    
    Specified by:
    
    isPlainSupported in interface AuthProvider
    
    Returns:
    true if plain text password authentication is supported by this AuthProvider.
  - isDigestSupported
```
public boolean isDigestSupported()
```
    Description copied from interface: AuthProvider
    
    Returns true if this AuthProvider supports digest authentication according to JEP-0078.
    
    Specified by:
    
    isDigestSupported in interface AuthProvider
    
    Returns:
    true if digest authentication is supported by this AuthProvider.
  - getPassword
```
public String getPassword(String username)
                   throws UserNotFoundException,
                          UnsupportedOperationException
```
    Description copied from interface: AuthProvider
    
    Returns the user's password. This method should throw an UnsupportedOperationException if this operation is not supported by the backend user store.
    
    Specified by:
    
    getPassword in interface AuthProvider
    
    Parameters:
    username - the username of the user.
    
    Returns:
    the user's password.
    
    Throws:
    
    UserNotFoundException - if the given user's password could not be loaded.
    
    UnsupportedOperationException - if the provider does not support the operation (this is an optional operation).
  - setPassword
```
public void setPassword(String username,
               String password)
                 throws UserNotFoundException,
                        UnsupportedOperationException
```
    Description copied from interface: AuthProvider
    
    Sets the users's password. This method should throw an UnsupportedOperationException if this operation is not supported by the backend user store.
    
    Specified by:
    
    setPassword in interface AuthProvider
    
    Parameters:
    username - the username of the user.
    password - the new plaintext password for the user.
    
    Throws:
    
    UserNotFoundException - if the given user could not be loaded.
    
    UnsupportedOperationException - if the provider does not support the operation (this is an optional operation).
  - supportsPasswordRetrieval
```
public boolean supportsPasswordRetrieval()
```
    Description copied from interface: AuthProvider
    
    Returns true if this UserProvider is able to retrieve user passwords from the backend user store. If this operation is not supported then AuthProvider.getPassword(String) will throw an UnsupportedOperationException if invoked.
    
    Specified by:
    
    supportsPasswordRetrieval in interface AuthProvider
    
    Returns:
    true if this UserProvider is able to retrieve user passwords from the backend user store.
  - createUser
```
protected void createUser(String username)
```
    Checks to see if the user exists; if not, a new user is created.
    
    Parameters:
    username - the username.
  - isScramSupported
```
public boolean isScramSupported()
```
    Specified by:
    
    isScramSupported in interface AuthProvider
  - propertySet
```
public void propertySet(String property,
               Map<String,Object> params)
```
    Support a subset of JDBCAuthProvider properties when updated via REST, web GUI, or other sources. Provider strings (and related settings) must be set via XML.
    
    Specified by:
    
    propertySet in interface PropertyEventListener
    
    Parameters:
    property - the name of the property.
    params - event parameters.
  - propertyDeleted
```
public void propertyDeleted(String property,
                   Map<String,Object> params)
```
    Description copied from interface: PropertyEventListener
    
    A property was deleted.
    
    Specified by:
    
    propertyDeleted in interface PropertyEventListener
    
    Parameters:
    property - the name of the property deleted.
    params - event parameters.
  - xmlPropertySet
```
public void xmlPropertySet(String property,
                  Map<String,Object> params)
```
    Description copied from interface: PropertyEventListener
    
    An XML property was set. The parameter map params will contain the the value of the property under the key value.
    
    Specified by:
    
    xmlPropertySet in interface PropertyEventListener
    
    Parameters:
    property - the name of the property.
    params - event parameters.
  - xmlPropertyDeleted
```
public void xmlPropertyDeleted(String property,
                      Map<String,Object> params)
```
    Description copied from interface: PropertyEventListener
    
    An XML property was deleted.
    
    Specified by:
    
    xmlPropertyDeleted in interface PropertyEventListener
    
    Parameters:
    property - the name of the property.
    params - event parameters.

Class JDBCAuthProvider

Nested Class Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

JDBCAuthProvider

Method Detail

authenticate

comparePasswords

hashPassword

authenticate

isPlainSupported

isDigestSupported

getPassword

setPassword

supportsPasswordRetrieval

createUser

isScramSupported

propertySet

propertyDeleted

xmlPropertySet

xmlPropertyDeleted